mirror of https://github.com/wader/fq.git synced 2024-12-23 13:22:58 +03:00
fq/format/tls/testdata
Mattias Wadman 9852f56b74 tls: Add TLS 1.0, 1.1, 1.2 decode and decryption
What it can do:
- Decodes records and most standard messages and extensions.
- Decrypts records and reassembles application data stream if a keylog is provided
  and the cipher suite is supported.
- Supports most recommended and used ciphers and a bunch of older ones.

What it can't do:
- SSL v3 may be supported, is similar to TLS 1.0, not tested.
- Decryption and renegotiation/cipher change.
- Record defragmentation not supported, seems rare over TCP.
- TLS 1.3
- SSL v2 but v2 compat header is supported.
- Some key exchange messages not decoded yet

Decryption code is heavily based on golang crypto/tls and zmap/zcrypto.

Will be base for decoding http2 and other TLS based protocols.

Fixes #587
2023-03-05 13:52:12 +01:00
ciphers tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00
dump-broken.pcapng tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00
dump-broken.pcapng.fqtest tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00
dump-broken.pcapng.keylog tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00
dump.pcapng tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00
dump.pcapng.keylog tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00
help_tls.fqtest tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00
ja3.fqtest tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00
ja3.jq tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00
README.md tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00
split.jq tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00
testtls.com.http1.1-tls1.2.pcap tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00
testtls.com.http1.1-tls1.2.pcap.fqtest tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00
testtls.com.http1.1-tls1.2.pcap.keylog tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00
to_tar.jq tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00

dump.pcapng and dump-broken.pcapng were created by Peter Wu and come from https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9144.

dump.pcapng contains 73 TLS connections with different cipher suites. split.jq was used to split it into one pcap per connection, named after the cipher suite used.

dump-broken.pcapng is a broken SSL v3 capture that uses extensions. dump-broken.pcapng.keylog is not used yet.